Server Version#: 1.40.5.8921
Player Version#:
<If providing server logs please do NOT turn on verbose logging, only debug logging should be enabled>
I have been noticing lately that my plex server is sending some pretty strange dns requests to my adguard home server that look like: 2024-08-mzjl-mad0ys:2.mydomain.net (the mydomain.net is my home lan domain that I didn’t want to share with everyone). Has anyone seen anything like this before? Am I just being overly paranoid? Thanks!
Do you have mDNS enabled? Those ‘goofy’ names are usually resulting from mDNS.
As long as they resolve to the local LAN (RFC-1918 addresses) then you’re still 100% safe
I do have Avahi running on pfSense but restricted to 2 specific interfaces, neither of which Plex has access to. It doesn’t resolve to anything as there’s a colon in the request but I have a catch-all wildcard DNS rewrite that is snagging it and sending it to my reverse proxy…which has no idea what to do with it. Just very strange I haven’t seen it up until today.
So I found more on this. It is only when I am playing an IPTV stream from “Live TV”. Every 13 seconds it sends that funky request. I monitored the unbound log and noticed my plex VM only sends those requests when I have a stream running through it.
not knowing anything about which IPTV stream (even Plex’s), there’s nothing I can advise.
Personally, I don’t run anything but the pure domain (ACME managed) on the pfsense. I keep it pure / native to PfSense.
The firewall with allowed access alias list controls the access so no proxy of any type is needed. A simple NAT-port forward with AccessList is all that I need.
I could give you my IP or FQDN and port number. You’d get nothing. I’d be a hole in the internet.
That’s fair. I don’t really Need to have it behind my proxy but that’s how I handle all of my other publicly exposed services. It makes it easy for certificate management and keeps everything in one place. But I agree. I have crowdsec blocklist mirror list ingested to pfsense, various pfblockerng lists and geoip blocking lists someone would have to get through to reach plex. I could most likely get away with a port forward with all the rules I have on the WAN.
Thanks for taking a look anyhow. Always appreciate your insight and help. Cheers!
I avoided the proxy entirely by giving folks the WAN port.
plex.my.domain:port
ombi.my.domain:port
overseer.my.domain:port
Now my firewall rules fire on the inbound port and redirect appropriately.
Cloudflare is where the CNAME magic happens.
Followed by NAT port-forward for each service (including Plex)
Here you can see the actual WAN ports.
Maybe cludgy but it’s straight forward to me as I see the port transitions.
PfSense keeps Cloudflare updated with my IP address
As always, the “AllowedRemotes” alias keeps out all except those permitted.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.
